C-NSA: a hybrid approach based on artificial immune algorithms for anomaly detection in web traffic

Abstract

Security vulnerabilities in web traffic can directly lead to data leak. Preventing these data leaks to a large extent has become an important problem to solve. Besides, the accurate detection and prevention of abnormal changes in web traffic is of great importance. In this study, a hybrid approach, called C-NSA, based on the negative selection algorithm (NSA) and clonal selection algorithm (CSA) of artificial immune systems for the detection of abnormal web traffic on the network is proposed and a user-friendly application software is developed. The real and synthetic data in the Yahoo Webscope S5 dataset are used for web traffic and the data are split into windows using the window sliding. In the experimental studies, the abnormal web traffic data is detected by monitoring the changes in the number of activated detectors in the C-NSA. It is observed that the average accuracy performance of finding anomalies in real web traffic data is 94.30% and the overall classification accuracy is 98.22% based on proposed approach. In addition, false positive rate of the proposed approach using C-NSA is obtained as 0.029. In addition, the results in synthetic web traffic data using C-NSA are achieved as average 98.57% classification accuracy.